Don't be scammed by a new fraud game known as phishing.

Phishing (pronounced "fishing") is when an individual or a group of cyber-criminals creates an imitation or copy of an existing legitimate Web page to trick users into providing sensitive personal information, such as credit or debit card numbers, account username and password, social security numbers or PIN numbers. In most cases, this information is then sold to other criminals, who use it for financial gain. They do this by using a trusted brand of well-known banks, credit card companies and online retailers. The request will generally include disturbing or exciting statements so people will react immediately and respond with the desired information.

If you receive an email or telephone inquiry
asking for your personal information,
DO NOT RESPOND!

Check its authenticity by contacting the company that appears to be the originator of the request.

First Virginia Community Bank will not make a telephone inquiry or send an email to verify or update confidential customer information.

If you think you have been a victim of phishing, contact us immediately at (703) 436-3800.

Cyber Attacks:

Cyber Terrorism Tactics... and how they Could Affect you

Cyber-attacks against the U.S. financial system are very much in the news lately, with attacks coming sometimes several times a week. These cyber-attacks are the focus of concern for both government and industry, as experts seek ways to identify the perpetrators and stop the attacks.

As a bank customer, it is important for you to know the facts about these events, so you can interpret the news and decide for yourself

The key key facts to remember are

your personal information is safe

your money is safe

Here is additional information about the cyberattckers, their methods, and their results:

What is a Cyber Attack?

Cyber-attacks on banks take the form of distributed denial of service attacks (DDOS). These “denial of service” attacks flood a target organization’s website with traffic. Attackers focus on one or two pages—such as the Welcome page or Log In page—hitting it as much as 20 million times a minute. This causes the system to operate slowly as it sorts out the difference between honest requests for service (such as a customer’s), and a request that might cause harm (such as a hacker’s). The purpose of the cyber-attack is to keep the bank’s security system busy, thus denying customers access to their accounts.

So It Only Slows the System Down?

That is the extent of the recent attacks. As the system sorts out the dangerous requests from the others, you might have to wait longer than normal for service. With 20 million
requests from the cyber-attackers and one from you, it’s not hard to understand why!

How Long Should I Expect to Wait?

Attacks have been known to last up to several hours. During this time, you may wish to use one of your bank’s many other avenues to access your financial information, such as mobile,ATM, phone, or on-site service.

Who Are These Cyber-Attackers?

Government and industry experts know that the technology required for such massive Internet hacking cannot be accomplished by a typical basement hacker. Rather, governments, presumably countries unfriendly to the US, have the resources to back operations of this sophistication and expense, according to US government experts.

What Can I Do to Protect Myself?

Continuing to use the same common sense security tactics is still your best defense. Tips are included here to refresh your memory.

Strong Passwords—Experts advise a combination of letters and numbers, and advise against using easily guessed passwords such as birthdays or home addresses.

Anti-Virus Protections—Make sure the anti-virus software on your computer is current and scans your email as it is received.

Sign Off and Log Out—Always log off by following the bank’s secured area exit procedures.

Monitor Your Accounts—When you check your accounts regularly, you can let your bank know immediately if you encounter anything that does not seem right.

Resources

Internet Crime Complaint Center: www.ic3.gov

Consumer Fraud (Department of Justice Homepage): www.usdoj.gov

Federal Trade Commission (FTC) Consumer

Response Center: www.ftc.gov

Consumer Guides and Protection: www.usa.gov

Financial Fraud Enforcement Task Force: www.stopfraud.gov

On Guard Online: www.onguardonline.gov

Account Hijacking & Identity Theft

How to Recognize it, How to Prevent it

It is the fastest growing form of identity theft, and it can have the most devastating effect on us. It is called Account Hijacking, and some 2 million people are victimized yearly.
Account hijacking occurs when a criminal obtains your personal banking information and uses it to take over your bank accounts. It can take weeks or months to discover. Fortunately, there are steps you can take to protect yourself.

Step 1: Protecting Yourself: Understand the Threat

Often, the account hijacker uses one or more methods to obtain your personal data. You should be particularly aware of two:

Hijacking by Phishing deceives customers into providing their user names, passwords, and account numbers via deceptive e-mails, fake Web sites, or both. The classic phishing attack involves a deceptive e-mail that purports to be from a legitimate financial institution. The e-mail typically tells the customer that there is some sort of problem with the customer’s account, and instructs the recipient to click on the included hyperlink to ”fix” the problem. In reality, the fake Web site is simply collecting customer user names and passwords in order to hijack accounts.

Hijacking with Spyware works by inserting malicious software, often referred to as "spyware," on a person's personal computer. Spyware can be loaded when a user opens a seemingly innocuos e-mail attachment or clicks on a pop-up advertisement. The spyware collects selected information 9e.g. user names, passwords, and account numbers) and forwards that information to fraudster

Step 2: Protecting Yourself: Fortify Your System

Here are some basic safety measures you can implement immediately:

Password Protection—If your password is easy for you to remember, the chances are good it is also easy for an Internet hacker to figure out. Experts advise a combination of letters and numbers...and avoiding pet names, your home address, and similar easy-to-crack codes.

Anti-Virus Software—Your computer’s anti- virus software is like a vaccine—it works at first, but you need to keep it up-to-date to guard against new strains.

Anti-Spyware—Anti-spyware programs are readily available, and every computer connected to the Internet should have the software installed... and updated regularly.

“Phishing Awareness”—If you receive an unexpected email, or one that you consider suspicious, delete it. Remember: your bank will never email you and ask you to go to another site to “verify information.”

Quick Facts about Account Hijacking

An estimated 2 million people are hit with account hijacking each year; most say it was from a phishing email.

People who monitor their accounts online (rather than just with mailed statements) can detect hijacking earlier. In one report, victims’ losses were one-eighth of those who detected the crime via paper statements due to early detection.

Step 3 Protecting Yourself: Vigilance Pays

Chances are you will never be victimized by account hijacking identity theft. But if you are victimized, early detection is critical.

Check your credit report at least annually. You are entitled to one free credit report annually from each of the three major credit bureaus. If a hijacker is misusing your credit, clues are likely to show up here. For a free report: www.annualcreditreport.com.

Your bank is taking substantive measures to protect the safety and security of your accounts. By acting today to strengthen security at your end of the Internet highway, hijackers will have an even tougher time. Stop by your bank to learn more.

New financial standards will assist banks and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds transfers.

Banks and Business Team up for Security

As someone responsible for a business bank account, you will want to know that new supervisory guidance from
the Federal Financial Institutions Examination Council (FFIEC) are helping banks strengthen their vigilance and assure that your business accounts are properly secured during money transfers of all kinds. FFIEC is the coordinating group that sets standards for the major financial industry regulators and examiners.

UNDERSTANDING THE RISKS:

FFIEC studies have shown that there have been significant changes in the threat landscape in recent years. Fraudsters—many from organized criminal groups—have continued to deploy more sophisticated methods to compromise authentication mechanisms and gain unauthorized access to customers’ online accounts. For example, hacking tools have been developed and automated into downloadable kits, increasing their availability to less experienced fraudsters.

As a result, online account takeovers and unauthorized funds transfers have risen substantially each year since 2005, particularly with respect to commercial accounts, representing losses of hundreds of millions of dollars.

ENHANCED CONTROLS PROTECT HIGHER RISKS

The FFIEC supervisory guidance addresses the fact that not every online transaction poses the same level of risk, recommending that financial Online business transactions generally involve ACH file origination and frequent interbank wire transfers. Since the frequency and dollar amounts of these transactions are generally higher than consumer transactions, they pose a comparatively increased level of risk to the institution and its customer, according to FFIEC. Thus banks are advised to implement security plans utilizing controls consistent with the increased level of risk for covered business transactions.

These enhanced controls are designed to exceed the controls applicable to routine customer users. For example, a preventive control could include requiring an additional authentication routine prior to final implementation of the access or application changes. A detective control might include a transaction verification notice immediately following implementation of the submitted access or application changes. Based upon the incidents the Agencies have reviewed, enhanced controls over administrative access and functions can effectively reduce money transfer fraud.

SUMMARY OF RECOMMENDATIONS FOR BUSINESS ACCOUNTS

Banks to urge business account holders to conduct periodic assessment of their internal controls

Use layered security for system administrators

Initiate enhanced controls for high-dollar transactions

Provide increased levels of security as transaction risks increase

LAYERED SECURITY FOR INCREASED SAFETY

Your bank uses both single and multi-factor authentication, as well as additional “layered security” measures when appropriate.
Layered security is characterized by the use
of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. This allows your bank to authenticate customers and respond to suspicious activity related to initial login...and then later to reconfirm this authentication when further transactions involve the transfer of funds.
For business accounts, layered security might often include enhanced controls for system administrators who are granted privileges to set up or change system configurations, such as setting access privileges and application configurations and/or limitations

INTERNAL ASSESSMENTS AT YOUR BANK

The new supervisory guidance offers ways your bank can look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular trans- action is appropriate to the level of risk in that application. Accordingly, your bank has concluded a comprehensive risk-assessment of its current methods as recommended in the FFIEC guidelines. These risk assessments consider, for example:

Changes in the internal and external threat environment

Changes in the customer base adopting electronic banking

Changes in the customer functionality offered through electronic banking; and

Actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.

EXAMPLES OF LAYERED SECURITY FOR BUSINESS ACCOUNTS
Whenever increased risk to your transaction security might warrant it, your bank will have available additional verification procedures, or layers of control, such as:

Fraud detection and monitoring systems that include consideration of customer history and behavior;

Dual customer authorization through different access devices;

Out-of-band verification for transactions;

Positive pay,” debit blocks, and other techniques to appropriately limit the transactional use of the account;

Transaction value thresholds, number of transactions allowed per day, and allowable payment windows (e.g., days and times);

Internet protocol (IP) reputation-based tools to block connection to banking servers from IP addresses known or suspected to be associated with fraudulent activities;

Policies and practices for addressing customer devices identified as potentially compromised and customers who may be facilitating fraud;

Account maintenance controls over activities performed by customers either online or through customer service channels.￼￼

YOUR PROTECTIONS UNDER “REG E”

Banks follow specific rules for electronic transactions issued by the Federal Reserve Board known as Regulation E. Under the protections provided under Reg E, consumers can recover internet banking losses according to how soon they are reported. In general, these protections are extended to consumers and consumer accounts. Your banker can provide additional details about how Reg E might affect your business account.

IF YOU HAVE SUSPICIONS

If you notice suspicious activity within your account or experience security-related events you can contact anyone at your bank and you will
be quickly and courteously guided to the person responsible for handling such issues.

Online Banking, Data, Security, & You

Your Partnership for Safe Online Banking

line banking has grown rapidly into a major new way to bank. Some surveys show that more people prefer to bank online than
in the traditional ways. This phenomenal growth has been accompanied by increases in the safety and security measures undertaken by banks and their customers. But cyber-criminals are always looking for new ways to electronically break into the bank and steal your money.Safe online banking depends on continuing and strengthening this partnership for safe online banking:

Banks Invest Subtantially in Security

Lawmakers, regulators and the banking industry have forged substantive standards for safeguarding customers’ personal information.Uniform examination procedures are in place to monitor and enforce these standards, and bank examiners regularly go on-site to assess how bank security measures are being implemented, understanding that each bank has a different menu of products and services, and therefore differing security requirements. Some of the areas they look at include:
Access controls ensuring customer information can be accessed only by authorized persons, including use of multi-factor authentication when warranted.

​BANKS PARTNER WITH YOU, THE CUSTOMER

Your bank has security measures to protect your account information, but they can’t be effective without your help and cooperation. Many account hijacking attempts come as a result of hacking into individual user accounts, and from there electronically breaking into the bank using your information and security codes.

Some common sense and easily implemented precautions can help you safeguard your personal information:

Strong Passwords—Experts advise a combination of letters and numbers, and advise against using easily guessed passwords such as birthdays or home addresses.

Anti-Virus Protections—Make sure the anti-virus software on your computer is current and scans your email as it is received.

Email Safety—Email is generally not encrypted so be wary of sending any sensitive information such as account numbers or other personal information in this way.

Sign Off and Log Out—Always log off by following the bank’s secured area exit procedure

Don’t Get Phished—Crooks are always trying to get your personal information, and they employ some ingenious methods. Don’t respond to any unusual email requests for personal information— when you opened your bank accounts you already gave it. When in doubt, call your bank.

Monitor Your Accounts—When you check your accounts regularly, you can let your bank know immediately if you encounter anything that does not seem right.

HELPFUL HINT: Studies show that those who monitor their accounts online often detect fraud earlier than those who rely solely on paper statements.

ONLINE & MOBILE THREATS

Cyber-fraudsters want to earn their money the easy way—by stealing yours.
Understanding how criminals try to trap you is your first line of defense:

PHISHING—This is the criminal attempt to steal your personal information through fraudulent emails or smart-phone texts. They are often very believable, luring the victim to a site that asks them to provide (or “verify”) personal financial details such as account numbers and social security numbers. A variation is called Spear Phishing, which are electronic messages that appear to come especially to victims from their employer, usually a large corporation. Cyber-security experts often term the mobile phone version of phishing Smishing, playing off the SMS, or Short Message Service terminology used in text messaging. Remember: your bank will not send emails asking for your personal information—they already have it.

CARD SKIMMING—This is a criminal’s attempt to gain a victim’s personal information by tampering with ATM machines. Fraudsters set up a device that can capture magnetic stripe and keypad information, such as PINs and account numbers. Using ATMs you know and trust—as well as examining the machine closely—can help thwart this type of theft.

SPYWARE—This is the term used for criminal software that a victim unknowingly loads on a personal computer. Once there, the spyware collects personal information and sends it to the criminal. Up-to-date security software is the best defense.

HELPFUL HINT: Cyber-criminals often prey on those who are most vulnerable, such as senior citizens or young adults, who may not be as aware of the technical aspects of the threats. Make sure you alert any friends or family members who might be in this category. They’ll appreciate it!

FREE CREDIT REPORTS YOUR BEST TOOL

When it comes to guarding against cyber-fraud, one of the most important tools at your disposal is your credit report. It details all of your credit transaction accounts, and will be the first place that unusual charges or entirely new accounts will appear. And you can monitor your report for FREE.

Since Federal law permits consumers to obtain a free report annually from each of the three major credit reporting agencies, cyber-security experts advise that you to get a free report from a different agency every four months. Doing so will allow you to monitor your personal online security all year long.

Resources

Internet Crime Complaint Center: www.ic3.gov

Consumer Fraud (Department of Justice Homepage): www.usdoj.gov

Federal Trade Commission (FTC) Consumer Response Center: www.ftc.gov

Consumer Guides and Protection: www.usa.gov

Financial Fraud Enforcement Task Force: www.stopfraud.gov

On Guard Online: www.onguardonline.gov

Web Warning

FVCbank will never send an email requesting that you verify personal information. If you receive such an email from any bank, delete it immediately. Never click on a link in a suspect email as it may take you to a website that looks valid but which is actually a counterfeit site. Such "phishing" websites can be used to gain access to your IDs, passwords and other confidential account information.